Abstract
The Controller Area Network (CAN), which is used for communication between in-vehicle devices, has been shown to be vulnerable to spoofing attacks. Voltage-based spoofing detection (VBS-D) mechanisms are considered state-of-the-art solutions, complementing cryptography-based authentication whose security is limited due to the CAN protocol's limited message size. Unfortunately, VBS-D mechanisms are vulnerable to poisoning performed by a malicious device connected to the CAN bus, specifically designed to poison the deployed VBS-D mechanism as it adapts to environmental changes that take place when the vehicle is moving. In this paper, we harden VBS-D mechanisms using a deep learning-based mechanism which runs immediately, when the vehicle starts; this mechanism utilizes physical side-channels to detect and locate physical intrusions, even when the malicious devices connected to the CAN bus are silent. We demonstrate the mechanism's effectiveness (100% intrusion detection accuracy and error rates of close to 0%) in various physical intrusion scenarios and varying temperatures on a CAN bus prototype. In addition, we present a deep learning-based VBS-D mechanism that securely adapts to environmental changes. This mechanism's robustness (99.8% device identification accuracy) is demonstrated on a real moving vehicle.
Original language | English |
---|---|
Pages (from-to) | 4800-4814 |
Journal | IEEE Transactions on Information Forensics and Security |
Volume | 18 |
DOIs | |
State | Published - 20 Jun 2023 |
Keywords
- Authentication
- CAN Bus
- Deep learning
- Feature extraction
- Intrusion detection
- Location awareness
- Prototypes
- Voltage
- deep learning
- side-channel analysis
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications